Virtual network interface multiplexing

ABSTRACT

A control-plane component of a virtual network interface (VNI) multiplexing service assigns one or more VNIs as members of a first interface group. A first VNI of the interface group is attached to a first compute instance. Network traffic directed to a particular endpoint address associated with the first interface group is to be distributed among members of the first interface group by client-side components of the service. The control-plane component propagates membership metadata of the first interface group to the client-side components. In response to a detection of an unhealthy state of the first compute instance, the first VNI is attached to a different compute instance by the control-plane component.

BACKGROUND

Many companies and other organizations operate computer networks thatinterconnect numerous computing systems to support their operations,such as with the computing systems being co-located (e.g., as part of alocal network) or instead located in multiple distinct geographicallocations (e.g., connected via one or more private or publicintermediate networks). For example, data centers housing significantnumbers of interconnected computing systems have become commonplace,such as private data centers that are operated by and on behalf of asingle organization, and public data centers that are operated byentities as businesses to provide computing resources to customers. Somepublic data center operators provide network access, power, and secureinstallation facilities for hardware owned by various customers, whileother public data center operators provide “full service” facilitiesthat also include hardware resources made available for use by theircustomers. However, as the scale and scope of typical data centers hasincreased, the tasks of provisioning, administering, and managing thephysical computing resources have become increasingly complicated.

The advent of virtualization technologies for commodity hardware hasprovided benefits with respect to managing large-scale computingresources for many customers with diverse needs, allowing variouscomputing resources to be efficiently and securely shared by multiplecustomers. For example, virtualization technologies may allow a singlephysical computing machine to be shared among multiple users byproviding each user with one or more virtual machines hosted by thesingle physical computing machine. Each such virtual machine may beregarded as a software simulation acting as a distinct logical computingsystem that provides users with the illusion that they are the soleoperators and administrators of a given hardware computing resource,while also providing application isolation and security among thevarious virtual machines.

Operators of data centers that provide different types of virtualizedcomputing, storage, and/or other services usually rely on standardnetworking protocols to receive customer requests and transmit responsesto such requests using commodity network hardware such as various typesof network interface cards (NICs). Until a few years ago, networkingconfiguration for virtualized computing environments was still beingmanaged at the physical NIC level. Some network operators have recentlyincorporated virtual network interfaces (which may also be referred toas “elastic network interfaces”) into their infrastructure, enablingsome networking-related attributes such as IP (Internet Protocol)addresses to be transferred relatively easily between virtual machineswithout necessarily reconfiguring physical NICs. Such attributetransfers may be accomplished, for example, by detaching a virtualnetwork interface programmatically from one virtual machine andattaching it programmatically to another virtual machine. While easingthe complexity of network configuration somewhat, however, at least somevirtual network interface implementations may still not support thekinds of flexibility (e.g., in terms of the way network addresses can bedynamically re-mapped to underlying physical resources) demanded by someapplications and services that are being targeted for virtual computingenvironments.

BRIEF DESCRIPTION OF DRAWINGS

FIG. 1 illustrates an example system environment in which interfacegroups comprising a plurality of virtual network interfaces (VNIs)associated with a single client-accessible service endpoint address(CSEA) may be established using a VNI multiplexing service of a providernetwork, according to at least some embodiments.

FIG. 2 illustrates examples of attributes that may be associated with aVNI that can be designated as a member of an interface group, accordingto at least some embodiments.

FIG. 3 illustrates an example system environment in which VNIsconfigured to handle traffic associated with several different CSEAs maybe included in an interface group, according to at least someembodiments.

FIG. 4 illustrates examples of client-side virtualization managementcomponents that may distribute baseline packet contents among VNIs of aninterface group using encapsulation, according to at least someembodiments.

FIG. 5 illustrates an example of an edge networking device which maydistribute baseline packet contents among VNIs of an interface group,according to at least some embodiments.

FIG. 6 illustrates examples of programmatic control-plane interactionsbetween a client and a VNI multiplexing service, according to at leastsome embodiments.

FIGS. 7a, 7b and 7c respectively illustrate three examples of mappingsbetween VNIs, NICs and hosts associated with an interface group,according to at least some embodiments.

FIG. 8 is a flow diagram illustrating aspects of operations that may beperformed by control-plane components of a VNI multiplexing service,according to at least some embodiments.

FIG. 9 is a flow diagram illustrating aspects of operations that may beperformed by client-side components of a VNI multiplexing service,according to at least some embodiments.

FIG. 10 is a block diagram illustrating an example computing device thatmay be used in at least some embodiments.

While embodiments are described herein by way of example for severalembodiments and illustrative drawings, those skilled in the art willrecognize that embodiments are not limited to the embodiments ordrawings described. It should be understood, that the drawings anddetailed description thereto are not intended to limit embodiments tothe particular form disclosed, but on the contrary, the intention is tocover all modifications, equivalents and alternatives falling within thespirit and scope as defined by the appended claims. The headings usedherein are for organizational purposes only and are not meant to be usedto limit the scope of the description or the claims. As used throughoutthis application, the word “may” is used in a permissive sense (i.e.,meaning having the potential to), rather than the mandatory sense (i.e.,meaning must). Similarly, the words “include,” “including,” and“includes” mean including, but not limited to.

DETAILED DESCRIPTION

Various embodiments of methods and apparatus for multiplexing virtualnetwork interfaces at a provider network are described. Networks set upby an entity such as a company or a public sector organization toprovide one or more services (such as various types of multi-tenantand/or single-tenant cloud-based computing or storage services)accessible via the Internet and/or other networks to a distributed setof clients may be termed provider networks herein. At least someprovider networks may also be referred to as “public cloud”environments. A given provider network may include numerous data centershosting various resource pools, such as collections of physical and/orvirtualized compute servers, storage devices, networking equipment andthe like, needed to implement, configure and distribute theinfrastructure and services offered by the provider. In at least someembodiments, a virtual computing service implemented at a providernetwork may enable clients to utilize one or more guest virtual machines(which may be referred to herein as “virtualized compute servers”,“compute instances” or simply as “instances”) for their applications,with one or more compute instances being executed on any given instancehost of a large fleet of instance hosts. Several different kinds ofinstances may be supported in some implementations, e.g., “large”,“medium” or “small” instances that have different compute performancecapabilities, different memory sizes and different amounts of persistentstorage space. Within large provider networks, some data centers may belocated in different cities, states or countries than others, and insome embodiments the resources allocated to a given application may bedistributed among several such locations to achieve desired levels ofavailability, fault-resilience and performance. Generally speaking, anyof a variety of networking protocols, including Transmission ControlProtocol/Internet Protocol (TCP/IP) or User Datagram Protocol (UDP), maybe used to access the resources of a provider network, and forcommunications between different resources of the provider network.

In some embodiments, the virtual computing service may enable users toassociate virtual network interfaces (VNIs) with their computeinstances. A VNI may comprise a logical entity with a set of networkingand security-related attributes that can be attached to (or detachedfrom) a compute instance programmatically. For example, at least one IP(Internet Protocol) address “IPaddr1” may be assigned to a given virtualnetwork interface VNI1, and security rules restricting inbound andoutbound traffic may be set for VNI1. When that VNI is programmaticallyattached to a given compute instance CI1 launched at an instance hostwith a physical network interface card NIC1, network packets indicatingIPaddr1 as their destination address (and complying with the securityrules) may be received at CI1 via NIC1. In addition, outbound packetsgenerated at CI1 may indicate IPaddr1 as their source address and may bephysically transmitted towards their destinations via NIC1. If VNI1 isthen programmatically detached from CI1 and attached to CI2 (which isexecuting at a different instance host with a different physical networkinterface card NIC2), the IPaddr1 traffic that was previously beingreceived at CI1 may now be received at CI2, with the same security rulesin place. Support for virtual network interfaces may considerablysimplify network configuration tasks for customers using the virtualcomputing service.

In at least some provider networks, a variety of higher-level servicesmay be implemented by the provider network operator using resources ofother services. For example, a distributed database service may utilizea storage service and the virtual computing service, or a scalabledistributed file storage service implementing NFS (Network FileSystem)-like interfaces may utilize the virtual computing service and/ora storage service. Compute instances configured to perform such aservice's operations may be termed “nodes” of the service, and may beaccessed in some embodiments using groups of VNIs to which networkaddresses associated with the service have been assigned. Such addressesmay also be referred to herein as client-accessible service endpointaddresses (CSEAs). Client applications that use these higher-levelservices may in some cases also run on compute instances of the virtualcomputing service, e.g., within isolated virtual networks (sometimesreferred to as virtual private clouds) set up on behalf of customers asdescribed below in further detail. In some scenarios, end-user customersmay access some services from devices located within external networks,such as customer networks in data centers outside the provider network,or from various Internet-connected computing devices (such as laptops,desktops, tablets, smart phones and the like). Service traffic fromexternal clients may enter the provider network via various edgenetworking devices, such as gateways, edge routers and the like, and maybe routed to the compute instances being used by the service.

For at least some services that are implemented in a distributed mannerwithin the provider network, service requests may thus be generated at awide variety of sources. Such requests may have to be distributed orload-balanced among a number of different compute instances deployed asnodes of the service at which the requested operations can be performed,and results of the operations may then have to be provided to therequest sources. For some types of services, session state informationmay have to be maintained across sequences of requests. Generallyspeaking, the connectivity and load balancing needs of service clientsmay vary considerably, e.g., between different clients and over time.Service configurations in which a single VNI, or a single node of theservice to which one particular VNI is attached, is used to handlerequest traffic directed to a given CSEA of a service may not besufficient to deal with the variations in service connectivityrequirements. In addition, associating just one CSEA with a given nodeof the service may sometimes result in underutilization of the node'scomputing capabilities.

Accordingly, in at least some embodiments, a VNI multiplexing (VNIM)service may be implemented at the provider network, enabling VNIs to belogically aggregated and mapped to CSEAs in various ways depending onthe particular needs of a given service or a given set of clients of aservice. Administrative or control-plane components of the VNIM servicemay implement programmatic interfaces that can be used, for example, tocreate and delete interface groups comprising some number of logicallyaggregated VNIs, with each such interface group being associated with agiven CSEA. In at least some embodiments, data-plane components of theVNIM service may include client-side components (e.g., at instance hostsat which client applications whose requests are to be fulfilled usingthe interface groups, or at edge nodes of the provider network at whichservice requests from external networks are received) as well asservice-side components at the compute instances to which themultiplexed VNIs are attached. In one embodiment, both the control-planeand the data-plane of the VNIM service may be distributed, e.g.,implemented using numerous software and/or hardware components of theprovider network. In some embodiments, configuration informationregarding the collection of VNIs that are designated as members of aninterface group may be propagated to the client-side components bycontrol-plane components of the VNIM, enabling intelligent and statefulload balancing to be performed at the client-side component without theneed of dedicated load balancers as intermediaries.

According to one embodiment, one or more control-plane components suchas a configuration manager of the VNIM service may receive a request tocreate an interface group (IG), e.g., on behalf of another service Svc1implemented in the provider network, or on behalf of a customer of sucha service. In response, the control-plane components may generate an IG(e.g., “IG1”) comprising a plurality of VNIs as members, such that eachVNI of IG1 is attached to a respective compute instance and has arespective non-public IP address (e.g., an address that is notpropagated via DNS or other similar mechanisms to applications utilizingSvc1). The format of such non-public network addresses may differ invarious embodiments: e.g., in some embodiments, a standard IPv4 (IPversion 4) or IPv6 (IP version 6) address may be used, while in otherembodiments an internal address format (based on an encapsulationprotocol used for internal communications within the provider network)may be used. The compute instances associated with an IG may be referredto as “service” or “service-side” compute instances, e.g., in contrastto the “client” or “client-side” compute instances at which servicerequests may originate for some types of services. In some scenarios,the compute instances to which the VNIs are attached may themselvesperform Svc1 operations, while in other scenarios Svc1 operations may beperformed at other back-end Svc1 nodes, with IG1's compute instancesacting as intermediaries. In some implementations, IG1 may be createdempty (with no VNIs included initially), or with some small initialnumber of VNIs, and more VNIs may be added programmatically after thegroup is created. VNIs may also be removed from IG1, for example inresponse to detecting that the instance to which a given VNI is attachedis not responsive or has reached an unhealthy state. It is noted thatthe phrase “compute instances of an interface group” may be used hereinas the equivalent of the phrase “compute instances attached to virtualnetwork interfaces of an interface group”; that is, the computeinstances to which the VNIs of an IG are attached may be referred tosimply as the IG's compute instances. At least one client-accessibleservice endpoint address (CSEA) of Svc1 (which differs from thenon-public IP addresses of the member VNIs) may be associated with IG1in some embodiments. Membership metadata of IG1 may be distributed amonga set of client-side components of the VNIM service to allow theclient-side components to distribute service requests among the memberVNIs. In at least some implementations, the different member VNIs of angiven instance group may generally be considered interchangeable orfunctionally equivalent from the perspective of the client-sidecomponents, at least for the initial packet of any given logical flow.As described below, however, in some cases the same destination VNI maybe selected for successive packets belonging to a particular logicalflow. In different embodiments, the CSEA may either be assigned at thetime that IG1 is set up, or it may be assigned later in a separate step.In at least some embodiments, an indication of a target selection policyto be used to distribute client requests among the member VNIs of IG1may also be propagated to client-side components by the VNIM controlplane.

A client application that is to use Svc1, e.g., an application runningon a client's compute instance CCI1 at a particular instance host IH1 ofthe virtual computing service, may generate a service request directedto Svc1. In some embodiments, the client application may, for example,determine a network address of Svc1 using a request directed to Svc1'scontrol-plane, or using a DNS (Domain Name Service) query. Aclient-accessible service endpoint address (CSEA) “Svc1-addr1”associated with IG1 may be provided to the client application in somesuch embodiments. The service request may be included within a baselinenetwork packet generated at the networking software stack of CCI1, withSvc1-addr1 indicated as the destination address of the baseline packet.The virtualization management stack of the instance host IH1 (e.g.,comprising a hypervisor and one or more privileged domain operatingsystem instances) may include a client-side component of the VNImultiplexing service in such embodiments. Membership metadata for IG1may have been propagated earlier to the client-side component. Theclient-side component may detect and intercept the baseline packet, anduse the membership metadata (and/or an associated target selectionpolicy) to select a particular one of the member VNIs of IG1 as adestination for the baseline packet. In one implementation, for example,the contents of the baseline packet may be incorporated within the bodyof an encapsulation packet by the client-side component, with theparticular non-public IP address of the target VNI indicated as thetarget address for the encapsulation packet. Any of a number ofdifferent encapsulation protocols (such as Generic Routing Encapsulationor GRE, or a custom encapsulation protocol of the provider network) maybe used in various embodiments. In at least some embodiments, theclient-side component may store a connection tracking record indicatingthat the target VNI was selected for the particular baseline packet, andthe connection tracking record may be used to again select that sametarget VNI for subsequent baseline packets containing Svc1 requestsreceived from the same client application or the same client applicationsession.

The encapsulation packet may then be transmitted to the selected VNI'snon-public IP address. The compute instance to which the selected VNI isattached may receive the encapsulation packet. If the compute instanceis itself configured to perform the requested service operations thatwere indicated in the baseline packet, the service request may beextracted from the encapsulation packet and the appropriate operationsmay be performed; otherwise, the encapsulation packet or the extractedbaseline packet may be transmitted to back-end nodes of Svc1.

In some embodiments, one or more VNIs of an IG such as IG1 may beconfigured in “trunked” mode, e.g., with several different CSEAsassigned to an individual VNI. In this way, traffic directed atpotentially large numbers (e.g., tens or hundreds) of CSEAs of a servicesuch as Svc1 from respective client applications may be handled at agiven compute instance in a multi-tenant fashion. In some embodiments, agiven trunked-mode VNI assigned with N different CSEAs may be designatedas a member of N distinct IGs, with each of the N CSEAs assigned to arespective IG. Each of the N IGs in such a scenario may have been setup, for example, to receive traffic from a respective set of client-sidecomponents of the multiplexing service (although in at least someembodiments, any given client-side component may belong to several ofthe sets, and may therefore direct encapsulation packets to several IGsas needed).

The control-plane components of the VNI multiplexing service may beresponsible for monitoring the health state of the instances to whichthe member VNIs of various IGS are assigned, and for providing updatesof the health state to the client-side components. In accordance withone aspect of a target selection policy associated with an interfacegroup, the client-side components may use the provided health stateupdates to avoid selecting unhealthy service compute instances as thedestinations for outgoing packets in some embodiments. For the purposesof health monitoring, the term “health state of a VNI” may be consideredsynonymous herein with the term “health state of a service computeinstance to which the VNI is attached”. In one embodiment, respectivehealth state entries may be maintained (e.g., as respective bits of abit map) for the VNIs/instances of one or more IGs at a givenclient-side component. When selecting a target VNI for a particularpacket, the client-side component may avoid those VNIs whose healthstate entries indicate unhealthy states. In some embodiments, healthmonitoring agents and/or services may have been set up for otherpurposes in the provider network, and such agents and services may beused for the VNI multiplexing service as well, thus eliminating the needfor health monitoring resources that are dedicated to the multiplexingservice alone.

In one embodiment, a “fail-up” approach may be used for target selectionby the client-side components under certain conditions. According tothis approach, if a client-side component receives health status updatesduring a given time period indicating that more than a threshold numberof VNIs of a given IG are apparently in an unhealthy state (e.g.,because the service compute instances to which those VNIs are attachedappear to be unresponsive), a client-side component may decide to ignorethe reports of unhealthy state. Instead, for example, all the VNIs ofthe IG may be marked as being healthy in the health state entriesmaintained by the client-side component, and packet targets may beselected accordingly. The fail-up approach may be used in someembodiments based on the assumption that the reporting of large numbersof failures may often result from problems in the health monitoringinfrastructure itself, rather than from actual failures at the entitiesbeing monitored. By the time that all N VNIs (or some large subset of(N-m) VNIs) of a given IG are reported as unhealthy, under such anassumption, the service may already be operating in such a degraded modethat relatively few negative consequences may result from disregardingthe reports of the failures. Of course, if the failure reports areeventually determined to be accurate, some packets may have been lost,but similar packet losses may have occurred even if the “fail-up”approach had not been used.

According to one embodiment in which connection-oriented protocols suchas TCP are used, the responsibility for an in-progress connection may betransferred from one service compute instance (attached to a particularVNI of an IG) to a different service compute instance (attached to adifferent VNI of the IG) as and when necessary. For example, upondetecting a failure associated with one service compute instance thathad been receiving packets belonging to a particular TCP connection, acontrol-plane component of the multiplexing service may select asubstitute or replacement service compute instance to receive subsequentpackets belonging to that same TCP connection, without terminating ordropping the connection. Metadata indicating the replacement may betransmitted to the client-side component from which the packets of theTCP connection have been received thus far. Such a transfer of apersistent or long-lasting connection, without terminating theconnection, may also be referred to as “connection pickup” herein. Theclient application involved may not even be aware that anything haschanged in at least some embodiments in which connection pickup isimplemented in response to a failure.

In some embodiments, a VNI multiplexing service may implement one ormore sets of programmatic interfaces (e.g., web-based consoles,application programming interfaces, command-line tools or standaloneGUIs) that can be used to set or obtain various types of interface groupattributes. Using such an interface, a client of the VNI multiplexingservice may set up and tear down IGs, add new VNIs to IGs, remove VNIsfrom IGs, modify the target selection settings associated with IGs,assign addresses to IGs and so on. It is noted that in variousembodiments, a variety of internal and external customers may utilizethe VNI multiplexing service—e.g., IGs may be set up for other servicesof the provider network, or for entities (such as individual ororganizations) outside the provider network including users of otherservices implemented at the provider network. Thus, in some cases, theprogrammatic interfaces of the VNIM may be used by control-planecomponents of another service of the provider network to manage IGs setup for the other service.

Example System Environment

FIG. 1 illustrates an example system environment in which interfacegroups comprising a plurality of virtual network interfaces (VNIs)associated with a single client-accessible service endpoint address(CSEA) may be established using a VNI multiplexing service of a providernetwork, according to at least some embodiments. As shown, system 100comprises a VNI multiplexing service configuration manager 180 that hasset up two interface groups (IGs) 150A and 150B. Each IG 150 comprises aplurality of VNIs in the depicted embodiment, and each IG has arespective CSEA 172. IG 150A, for example, includes VNIs 164A, 164B, . .. , 164M, and a CSEA 172A usable by applications running at clientcompute instances (CCIs) 122A and 122B. IG 150B includes VNIs 164Q and164R, and has CSEA 172B that is usable by applications running at CCIs122K, 122L, 122M and 122N. Each VNI 164 is shown attached to arespective service compute instance (SCI) 132 in system 100. Forexample, VNI 164A is attached to SCI 132A, VNI 164 is attached to SCI132B, and so on. As described below in further detail with respect toFIG. 2, in at least some embodiments a VNI 164 may represent acollection of networking-related attributes that can be dynamicallyassociated with or disassociated from compute instances such as SCIs 132via “attach” and “detach” operations respectively. One or more CCIs 122may be respective guest virtual machines resident at a given client-sideinstance host 120—for example, CCI 122A and 122B are shown executing atinstance host 120A, CCIs 122K and 122L are implemented at instance host120B, and CCIs 122M and 122N are implemented at instance host 120C.Similarly, one or more SCIs 132 may be respective guest virtual machinesrunning at service-side instance hosts (not shown in FIG. 1). A numberof different approaches may be taken to the manner in which the SCIs aredistributed among service-side instance hosts in different embodimentsand for different use cases. Examples of mappings between service hosts,NICs, and SCIs are illustrated in FIG. 7a-7c and discussed in furtherdetail below.

Generally speaking, any number of CCIs 122, instantiated at any numberof instance hosts 120 of a virtual computing service, may be providedthe CSEA (or CSEAs, in embodiments in which multiple client-accessibleservice endpoint addresses may be assigned to a single IG) of any givenIG 150. The CSEAs 172 may, for example, be provided to the CCIs for aservice being implemented either at the SCIs 132 to which the VNIs 164are attached, or at other back-end service nodes (not shown in FIG. 1)for which the SCIs 132 act as intermediaries or request/responsedistributors. In the example illustrated in FIG. 1, network packetscontaining service requests, with headers indicating CSEA 172A as thedestination for the packets, may be generated at CCIs 122A and/or 122B.Such packets may be referred to as “baseline packets”, herein, e.g., todistinguish them from encapsulation packets that may be generated totransmit the contents of the baseline packets on a network path towardsthe resources at which the service requests are to be processed. In FIG.1, such encapsulation packets may be generated at respective client-sidecomponents 144 of the VNI multiplexing service.

Each client-side component 144, such as client-side component 144A atinstance host 120A, client-side component 144B at instance host 120B,and client-side component 144C at instance host 120C, may be providedconfiguration metadata for the appropriate set of IGs by theconfiguration manager 180. Thus, for example, after VNIs 164A-164M havebeen designated as members of IG 150A by the configuration manager 180,a membership list for IG 150A may be provided to client-side component144A. Similarly, after designating VNIs 164Q and 164R as members of IG150B, configuration manager 180 may provide a membership list for IG150B to client-side components 144B and 144C. The membership metadatamay include, for example, the identifiers and non-public networkaddresses of each of the VNIs of the IG; in some cases, the membershipmetadata may include a target selection policy providing guidance to theclient-side components on how traffic should be distributed among theIG's VNIs. In some embodiments, the membership metadata may be providedin response to programmatic requests from the client-side components,e.g., in a request to attach a specified IG to one or more CCIs 122 orto a client-side component 144. Thus, in such embodiments, it may bepossible to programmatically attach not just an individual VNI to agiven entity, but also or instead to attach an interface groupcomprising a plurality of VNIs. In some embodiments, VNIs 164 may beadded to or removed from IGs 150 over time, e.g., in response toprogrammatic requests from the clients or services on whose behalf theyhave been set up, and changes to the membership of the IGs may also bepropagated to the client-side components 144. As in the exampleconfiguration shown in FIG. 1, the set of client-side components forwhich a particular IG is established may differ from the set ofclient-side components for which a different IG is set up. It is noted,however, that in at least some embodiments, multiple IGs may be set upfor a given collection of client-side components, and metadata (e.g.,membership lists) pertaining to each of the multiple IGs may bepropagated to the client-side components of the given collection. In oneembodiment, the metadata of a particular IG need not be distributed toall client-side components that are to utilize the IG by theconfiguration manager 180; instead, for example, the configurationmanager may provide the metadata to a subset of the client-sidecomponents, and the metadata may be propagated to the remainingclient-side components by the members of the subset.

In addition to providing the membership metadata to the client-sidecomponents 144, in at least some embodiments the configuration manager180 may also provide health status updates regarding the set of SCIs 132of the appropriate IGs 150 to client-side components 144. Such healthstate information may be obtained, for example, by health monitoringagents 182 from the various SCIs 132, the hosts at which the SCIs arelaunched, and/or other components of the provider network. In someembodiments, the health state information (or at least changes withrespect to previously-provided health state information) may be pushedto the client-side components 144 without requiring explicit healthupdate requests from the client-side components. In other embodiments, apull model may also or instead be implemented for health status updates,and the configuration manager 180 may respond to explicit health stateupdate requests from the client-side components. The configurationmanager 180 and the health monitoring agents 182 may representcontrol-plane elements of the VNI multiplexing service in the depictedembodiment, while the client-side components 144, the SCIs 132 and theVNIs 164 of the IGs 150 may be considered data-plane components. In someembodiments, the health monitoring agents 182 may be used by a pluralityof services of the provider network; for example, the agents 182 may beelements of a general-purpose health monitoring infrastructure of aprovider network. In some implementations, the configuration manager 180may comprise a plurality of software and/or hardware componentscollaborating to manage at least a subset of the administrative tasks ofthe VNI multiplexing service.

After the IG membership metadata has been received at the client-sidecomponents 144, data-plane operations of the VNI multiplexing serviceinvolving the distribution of packets by the client-side componentsamong IG members may begin in the depicted embodiment. In at least oneembodiment, as mentioned above, the metadata provided to the client-sidecomponents 144 by the configuration manager 180 may include selectionrules or policies that can be used to select specific VNIs to which agiven packet is to be directed. For example, in one implementation, eachVNI 164 of an IG 150 may be assigned a weight to indicate theprobability with which that VNI should be selected for any givenbaseline packet directed to the CSEA 172 of that IG. In otherembodiments, the client-side components may implement target selectionpolicies on their own, e.g., without being provided weights or otherselection criteria by the VNIM service control plane.

In one embodiment in which at least some service requests that are to behandled using IGs are generated at virtual machines such as CCIs 122,the instance hosts 120 at which those virtual machines are implementedmay include virtualization management components (VMCs) such ashypervisors and/or operating systems running in privileged domains(which may be referred to as domain zero or “dom0”). The VMCs may serveas intermediaries between the CCIs and the hardware of the instancehosts, such as physical network interface cards, disk drives, and thelike. In such embodiments, the VMCs may comprise the client-sidecomponents 144 of the VNI multiplexing service. Upon detecting orintercepting a baseline packet directed at the CSEA assigned to an IG150, the client-side component 144 may identify, e.g., using a targetselection policy associated with the IG, a particular VNI that is amember of the IG as a destination VNI to which the contents of thebaseline packet are to be transmitted. The non-public address of theselected VNI may be indicated as the destination address in a header ofan encapsulation packet generated at the client-side component, forexample, with at least some of the contents of the baseline packetincluded in the body of the encapsulation packet. As mentioned earlier,although in some embodiments IP address (e.g., IPv4 or IPv6 addresses)may be used as the non-public addresses of the VNIs, other addressformats and/or protocols may be used in other embodiments. In oneembodiment, the client-side component may also store a connectiontracking record indicating the selection of the particular VNI (e.g.,indicating the non-public address of the selected VNI). Such trackingrecords may be used for selecting the same destination address forsubsequent packets generated from the same source in some embodiments.In accordance with the destination address indicated in its header, theencapsulation packet may be transmitted to the SCI 132 to which theselected VNI is attached in the embodiment illustrated in FIG. 1. For adifferent baseline packet, e.g., one generated at a different CCI 122, adifferent VNI of the same IG may be selected by the client-sidecomponent. In this way, the service request workload generated atvarious CCIs 122 may be distributed among the member VNIs of the IG bythe client-side components 144, without having to change any of theapplications at which the service requests were generated.

VNI Attributes

FIG. 2 illustrates examples of attributes 290 that may be associatedwith a VNI 164 that can be designated as a member of an interface group,according to at least some embodiments. It is noted that a providernetwork may include VNIs that belong to interface groups, as well asVNIs that are used in a standalone manner (i.e., VNIs that are notdesignated as part of any interface group). A generalized list ofexample attributes is shown in FIG. 2, not all of which may necessarilybe used for VNIs that belong to interface groups set up by a VNImultiplexing service. Only a subset of the attributes or propertiesshown in FIG. 2 may be implemented in some embodiments, and not all theimplemented attribute fields may have to be populated (i.e., some of theattributes may be left blank or null). Respective records comprisingfields/entries containing the attributes 290 of various VNIs may bestored in a persistent metadata store in some embodiments, e.g., a storethat is accessible from various control-plane components of the providernetwork, including the control-plane components of the VNI multiplexingservice.

When a new VNI is created, e.g., in response to a programmatic requestfrom a client of a virtual computing service which supports VNIs, a newinterface identifier 201 may be generated for it. In someimplementations, a description field 202 may be filled in by the clientthat requested the creation of the VNI, e.g., “Interface 554 for clientgroup CG-X of file storage service”. A provider network in which the VNIis to be used may comprise a plurality of logical partitions in someembodiments, and the attributes 290 may contain a logical partitionidentifier 203 in such cases. For example, the operator of the providernetwork may establish an isolated virtual network (IVN) for a particularcustomer by setting aside a set of resources for exclusive use by thecustomer, with substantial flexibility with respect to networkingconfiguration for that set of resources being provided to the customer.The identifier of such an isolated virtual network (which mayalternatively be referred to as a virtual private cloud or VPC of thecustomer) may be indicated as the logical partition identifier 203 for aVNI. In some cases the attributes may include a zone identifier 204,which may for example indicate a geographical region or set of datacenters whose compute instances may be available for attachment to theVNI.

Any of several types of network addressing-related fields may beincluded within the set of attributes of a VNI in different embodiments.One or more private IP addresses 205 may be specified in someembodiments, for example. Such private IP addresses, also referred toherein as non-public addresses, may be used internally for routingwithin the provider network (e.g., for encapsulation packets generatedby client-side components of the VNI multiplexing service), and may notbe directly accessible from outside the provider network or to at leastsome client applications running on CCIs. In some embodiments, at leastsome non-public IP addresses associated with a VNI may not be IPaddresses; that is, addressed formatted according to a proprietaryprotocol of the provider network may be used, or addresses formattedaccording to a different public-domain protocol may be used. In general,zero or more public IP addresses 215 may also be associated with VNIs insome embodiments; these IP addresses may be visible outside the providernetwork, e.g., to various routers of the public Internet or peernetworks of the provider network. However, in at least some embodiments,public IP addresses may not be used for VNIs that are included in IGswhich have CSEAs 172 assigned to them. One or more subnet identifiers225 (e.g., expressed in Classless Inter-Domain Routing or CIDR format)may be included within attributes 290 in some embodiments, such asidentifiers of subnets set up by a client within an IVN in which the VNIis to be used. In one embodiment an identification of a Domain NameServer (DNS) responsible for propagating address(es) associated with theVNI, or other DNS-related information 227, may be included in theattributes 290 as well.

In some embodiments the attributes 290 may include security-relatedproperties 235. Some provider networks may allow users to specify rules,including for example firewall-related rules, for the types of incomingand/or outgoing traffic allowed at compute instances to which a VNI maybe attached. Such rules may be termed “security groups” and identifiedvia security group(s) fields 245. Various port and protocol restrictionsmay be enforced using such rules, and multiple rules may be associatedwith each VNI. For example, a client may use security groups to ensurethat only HTTP and HTTPs outgoing or incoming traffic is allowed, tolimit the set of TCP or UDP ports to which traffic is permitted, tofilter incoming and outgoing traffic according to various policies, andso on. In some implementations an attacher list 247 may be specified,indicating which users or entities are allowed to request attachments ofthe VNI to compute instances. In some cases a separate detacher list maybe used to specify which entities can detach the VNI, while in othercases a single list such as attacher list 247 may be used to identifyauthorized attachers and detachers. The collection of users or entitiesthat are allowed to set or modify IP addresses (e.g., public IPaddresses 215 and/or private IP addresses 205) of the VNI may beprovided in IP address setter list 249, and the set of users or entitiesthat own (or can modify various other fields of) the VNI may bespecified in owner/modifier field 253 in some embodiments. For example,an owner/modifier identified in field 253 may be permitted to change theattacher list 247 or the IP address setter list in some implementations,thus changing the set of entities permitted to attach or detach the VNIor modify its IP address(es). While the term “list” has been used forfields 247, 249, and 253, logical data structures other than lists (suchas arrays, hash tables, sets and the like) may be used to represent thegroups of entities given various security privileges, roles and/orcapabilities in various embodiments.

In some embodiments, users of the virtual computing service of aprovider network may be allowed to “terminate” compute instances 120.For example, a client may set up compute instances, attach VNIs to theinstances, run a desired set of computations on the instances, and thenissue a request to terminate the instances when the desired computationsare complete. In such embodiments, a “DeleteOnTerminate” setting 251 maybe used to specify what happens to attached VNIs when a compute instanceis terminated. If DeleteOnTerminate is set to “true” for a VNI attachedto the instance being terminated, the VNI may be deleted (e.g., apersistent record comprising attributes 290 for the VNI may be removedfrom the repository in which it was being stored). If DeleteOnTerminateis set to “false”, the VNI may be retained, so that for example it maybe attached again to some other compute instance. In one embodiment,when a VNI is attached to a compute instance, an attachment recordseparate from the VNI attributed 290 may be created to represent thatrelationship, and the DeleteOnTerminate property may be associated withthe attachment record instead of or in addition to being associated withthe VNI itself. In such an embodiment, the VNI's attributes 290 mayinclude a reference or pointer to the attachment record or records foreach of the attachments in which the VNI is currently involved, anddifferent values of “DeleteOnTerminate” may be set for each attachmentrecord.

In one embodiment, the attributes 290 may contain routing-relatedinformation such as an indication 265 of whether a source and/ordestination check is to be performed for network packets transmitted toa compute instance to which the VNI is attached. If thesource/destination check setting is set to “false” or “off”, routingdecisions may be made based on a packet's source and destination IPaddresses, e.g., the packet may be forwarded from one subnet to another;and if the setting is “true” or “on”, the compute instance may notperform routing in some embodiments. Thus the source/destination field265 may be used in some embodiments to control whether a computeinstance to which the VNI is attached performs routing or gatewayfunctions on packets for which it is not the final destination, orwhether it ignores such packets. Other types of routing-relatedinformation, such as route table entries, may also or instead beincluded in attributes 290 in other embodiments. Billing-relatedinformation may be included in attributes 290 in some implementations,identifying for example the entity or user to be billed for networktraffic associated with the VNI. In some implementations customers maybe billed at least partially based on the number of VNIs they create,independently of how many of the instance records are attached toresource instances; in other implementations billing may include bothrecurring charges (e.g., based on the number of VNIs and/or the numberof VNIs attached) and non-recurring charges (e.g., based on traffic flowmeasurements).

The interface status field 268 may be used to indicate a current stateof the VNI—e.g., whether the VNI is “available”, “disabled”, or“in-repair”. Similarly, the attachment status field 269 may be used toindicate whether the VNI is currently attached, detached or in theprocess of being attached or detached in some embodiments. In oneimplementation, as described above, a record of an attachment may becreated at the time the corresponding attachment operation is performed,and an identifier or identifiers of the current attachments of the VNImay be stored in attachment id field 271. Identifiers of the computeinstance or instances to which the VNI is currently attached may bestored in attached-to instance field 273, and the user or entity thatrequested the attachment may be identified via attachment owner field275 in some embodiments. In one embodiment, a list of identifiers of theNIC or NICs 110 currently usable for traffic directed to/from the IPaddresses of the VNI may be maintained, e.g., in the form of a MACaddress(es) field 277. In some implementations, monitoring information279, such as statistics about the amount of traffic flowing to or fromthe IP addresses of the VNI, may also be retained among attributes 290.Other fields not shown in FIG. 2 may be included in various embodiments.

In one embodiment, some of the fields shown in FIG. 2 may be replaced byreferences or pointers to other objects. For example, securityinformation for a VNI may be stored in a separate security object, andthe attributes 290 may include a reference to the security object.Similarly, each attachment of a compute instance to a VNI 164 may berepresented by an attachment object, and the attributes 290 may includepointers to the appropriate attachment objects in some implementations.

Trunked VNIs

In the embodiment illustrated in FIG. 1, each VNI is a member of asingle interface group, and is selected as a destination forencapsulation packets derived from baseline packets that were originallytargeted towards a single CSEA. FIG. 3 illustrates an example systemenvironment 300 in which VNIs configured to handle traffic associatedwith several different CSEAs may be included in an interface group,according to at least some embodiments. Such VNIs may be referred to as“trunked” VNIs herein. In system 300, three trunked VNIs 364A-364K areshown. Each of the three VNIs is shown as a member of two differentinterface groups, 350A and 350B. Interface groups 350A and 350B arerespectively assigned CSEAs 372A and 372B.

Interface group 350A may have been set up to handle client requestsgenerated at a first set of client compute instances, and interfacegroup 350B may have been established for client requests generated at adifferent set of CCIs. Membership metadata pertaining to IG 350A may bepropagated by configuration manager 180 to client-side components 344A,for example, while membership metadata pertaining to IG 350B may betransmitted to client-side component 344B in the example configurationshown. Similarly, health state information for the SCIs 332A-332K may bepassed on from health monitoring agents 182 to the configuration manager180, and from the configuration manager 180 to the client-sidecomponents. In some cases, IG 350A may have been established on behalfof one customer, while IG 350B may have been established on behalf of adifferent customer. In some embodiments in which the VNIs of a given IGare shared among different clients in a multi-tenant fashion, adelegated security model that requires agreement regarding the sharingof resources among the clients involved may be used. For example, eachof the customers or clients whose traffic is to be directed using themulti-tenant trunked VNIs 364 may have to agree to share rights to theVNIs. In one implementation, for example, one client may be identifiedas the attachment owner 275 (indicated in the metadata 290 of FIG. 2) ofa given VNI, but may have to delegate or share ownership with the otherclients whose traffic is to utilize the VNI. In addition, otheroperations involving trunked VNIs, such as transferring such VNIs amonginterface groups or deleting such VNIs, may have to be coordinated amongmultiple clients in some embodiments. In one embodiment, trunked VNIsmay be used only for a single client at a time (e.g., for a singlecustomer that wishes to use multiple interface groups for different setsof their CCIs), in which case the coordination of such changes and ofVNI ownership may not be required.

In the configuration shown in FIG. 3, baseline packets comprisingservice requests generated at CCIs 322A and 322B at instance host 320A,and indicating CSEA 372A as the destination, may be intercepted atclient-side component 344A. Using the membership metadata and/or healthstate updates provided by the configuration manager 180, client-sidecomponent 344A may distribute encapsulation packets comprising thecontents of the baseline packets among the VNIs 364A-364K of IG 350A.Similarly, with respect to baseline packets generated at CCIs 322K and322L of instance host 320B and directed to CSEA 372B, client-sidecomponent 344B may also distribute the corresponding encapsulationpackets among VNIs 364A-364C. Each client-side component 344 maymaintain connection tracking records indicating which specific VNI wasselected as a destination for which baseline packet sources, so that,for example, the same destinations can be selected as destinations forsubsequent baseline packets from the same sources. In at least someembodiments, the encapsulation packet headers may include one or moreadditional fields in the case of trunked VNIs (e.g., identifying whichinterface group or CSEA a given packet is associated with) than in thecase of un-trunked VNIs such as those shown in FIG. 1. Usingencapsulation headers to manage trunking may enable the VNI multiplexingservice to overcome various constraints (e.g., limited numbers of slotsavailable for data structures representing network interfaces) in thevirtualization management stacks and/or operating system stacks at thehosts at which the SCIs 332 are instantiated in some embodiments.

It is noted that at least in some embodiments, trunking (i.e., theassociation of multiple CSEAs with the same VNI) may be used inscenarios in which multiple VNIs are not aggregated into interfacegroups as shown in FIG. 3. For example, a single VNI may be assigned twoor more CSEAs, without being designated a member of an IG. Also, as wasindicated in FIG. 1, interface groups may be set up without usingtrunked VNIs in at least some embodiments. Thus, the respectivetechniques of combining multiple VNIs into interface groups, and ofassigning multiple addresses to a given VNI, may be used independentlyof one another, and/or in combination with each other, in at least someembodiments.

Client-Side Components

As mentioned earlier, client-side components of the VNI multiplexingservice may be implemented at several entities/devices of a providernetwork, including, for example, virtualization management layers ofinstance hosts as well as edge networking devices. FIG. 4 illustratesexamples of client-side virtualization management components of instancehosts that may distribute baseline packet contents among VNIs of aninterface group using encapsulation, according to at least someembodiments. In the depicted embodiment, provider network 400 mayinclude several isolated virtual networks (IVNs) include IVN 405. An IVN405, as indicated earlier, may comprise a collection of computing and/orother resources in a logically isolated section of the provider network400, which may be established at the request of a particular customer(such as customer C1 in the case of IVN 405) of a virtual computingservice of the provider network. The customer may be granted substantialcontrol with respect to networking configuration for the devicesincluded in the IVN. In some embodiments, for example, a customer mayselect the IP (Internet Protocol) address ranges to be used for VNIs tobe attached to various compute instances, manage the creation of subnetswithin the IVN, and the configuration of routing metadata 426 (e.g.,including one or more route tables associated with respective subnets)for the IVN. Routing metadata 426 may include route table entries thatindicate CSEAs as the destinations for some types of packets in someembodiments, and such entries may be used by the client-side components422 to identify which packets are to be distributed among member VNIs ofan IG to which a CSEA is assigned. In some embodiments, resources thatare to be used to perform the operations of one or more other services(e.g., a file storage service, or a database service) implemented at theprovider network may also be organized in one or more IVNs.

In the configuration shown in FIG. 4, an interface group 450 has beenestablished for service requests generated at IVN 405. Additional IGsmay be set up for requests generated at different IVNs in the depictedembodiment. In some embodiments, the interface group 450 may be set upwithin a different IVN established for a particular service for whichwork requests are expected from customer CI's instances; thus, thesources of a set of baseline packets may be in one IVN, while theservice requests indicated in the baseline packets may be fulfilled at adifferent IVN. Baseline packets 450 comprising service requests may begenerated at the CCIs 444 of IVN 405. For example CCIs 444A-444C atinstance host 410A may generate baseline packets 450A, while CCIs444M-444T at instance host 410B may generate baseline packets 450B. Thevirtualization management components (VMCs) 422 (e.g., subcomponents ofa hypervisor and/or a privileged-domain or dom0 operating systeminstance) may intercept the baseline packets 450 at each of the instancehosts. The VMCs 422A and 422B may store respective IG membershipmetadata 434 (e.g., metadata 434A and metadata 434B) as well as IGhealth state records 435 (e.g., records 435A and 435B), that may havebeen received from control-plane components of the VNI multiplexingservice such as a configuration manager 180.

In the depicted embodiment, each of the VMCs may also store a record ofa target selection policy 436, such as policy 436A or 436B. In someimplementations, at least an initial version of the target selectionpolicy may have been provided by the VNI multiplexing service's controlplane components to the VMCs (and to other client-side components). Forexample, when the IG 450 was established or when VNIs were added to IG450, respective initial weights may have been assigned to each of themember VNIs, indicative of the desired probability (e.g., from theperspective of the service for which the IG is set up) of selecting agiven VNI as a destination for an encapsulation packet. Such initialweights may have been propagated to the client-side components such asVMCs 422 to indicate a target selection policy, together with or as partof the membership metadata. In at least some embodiments, the targetselection policies 436 may be modified over time, and may differ fromone client-side component to another. For example, in one embodiment,the client-side components such as VMCs 422 may obtain performancemetrics indicating the responsiveness of each of the IG's members, andmay decide to select target IVNs based on such metrics. Inimplementations in which respective weights are assigned to VNIs of anIG, such weights may be modified programmatically over time. Healthstatus updates may also influence the selection of destination VNIs bythe VMCs 422 in at least some embodiments. For example, as one or morefailures of VNIs or the SCIs to which they are attached are reported,the VMCs 422 may decide to transmit subsequent encapsulation packets tostill-healthy subsets of the IG resources. In one embodiment, if thefraction of failed components of an IG exceeds a threshold, however, allthe components of that IG may be marked as being healthy in records 435,and encapsulation packets may again be transmitted to all the non-publicaddresses of the VNIs of the IG. In at least some embodiments, the VMCsmay maintain connection tracking information 437 (e.g., 437A or 437B),which can be used to continue directing packets of a given long-lastingconnection, sequence or flow originating at a given source CCI to thesame destination VNI of IG 450. In other embodiments, connectiontracking information may not necessarily be stored at client-sidecomponents resident at instance hosts 410. In at least one embodiment,the same destination VNI may be selected deterministically for multiplepackets belonging to a given logical flow without using storedconnection tracking information. In one such embodiment, a flow hashingtechnique may be used in which the destination is selected based on theresult of applying a hash function to some combination of headers of abaseline packet, where the header values are expected to remain the samefor different baseline packets of the flow. In one exampleimplementation of flow hashing for TCP packets, headers containing thesource IP address, the destination IP address, the source TCP portand/or the destination TCP port may be used as inputs to the hashfunction.

FIG. 5 illustrates an example of an edge networking device which maydistribute baseline packet contents among VNIs of an interface group,according to at least some embodiments. In the example configurationshown, the operations of a service Svc1 580 of a provider network 580are implemented at a set of back-end nodes 582, such as nodes 582A and582B. To handle service requests originating at an external network 533,which may for example include devices connected to the public Internetor devices of one or more client-owned premises, an interface group 550has been established. Baseline packets 552 with Svc1 requests may betransmitted from the devices of the external network 533 over variouscombinations of network links to an edge device 510 of the providernetwork 500, such as a gateway or an edge router. Such edge devices mayalso be referred to herein as edge nodes of the provider network 580.The baseline packets 552 may, for example, indicate a CSEA (e.g.,publicly-advertised IP address) of Svc1 as their destination.

At edge device 510, a client-side component 522 of the VNI multiplexingservice may store local versions of IG membership metadata 534, IGhealth state records 535, and/or a target selection policy 536 in thedepicted embodiment. In some embodiments, respective sets of metadatapertaining to a number of different IGs set up in provider network 500to handle requests from external networks such as network 533 may bepropagated to various edge devices 510 of the provider network bycontrol-plane components of the VNI multiplexing service. Upon detectingbaseline packets that are directed to IGs for which metadata isavailable locally, the client-side component 522 may generatecorresponding encapsulation packets 556A and distribute theencapsulation packets to the member VNIs of IG 550. An encapsulationpacket may include the address of the source from which the baselinepacket was generated, which may be referred to herein as the “requestorigin address”. In turn, the SCIs to which the VNIs of IG 550 areattached may transfer encapsulation packets 556B to selected serviceback-end nodes 582. In some embodiments, two different encapsulationprotocols may be used: one at the edge node 510, and one at the SCIs ofthe IG 550. In other embodiments, the same encapsulation protocol may beused for both sets of encapsulation packets 556A and 556B, but thedestination address headers may be modified by the SCIs of IG 550 todirect the 556B packets to the appropriate service nodes 582. In oneembodiment, connection tracking information analogous to thatillustrated in FIG. 4 may also be maintained at the client-sidecomponent 522 at edge device 510. In some embodiments, flow hashing(discussed above in the context of FIG. 4) or other similar techniquesfor consistent selection of destinations for packets of a given logicalflow without using stored connection tracking information may beemployed at edge devices 510.

In at least one embodiment, the service nodes 582 may extract, from theencapsulation packets 556B, request origin addresses 574 of the devicesat which the corresponding service requests originated in externalnetwork 533. When the work indicated in a service request is completedand a response is to be transmitted, the service nodes 582 may includethe corresponding request origin address in a response encapsulationpacket directed back to the IG 550. The SCI that receives the responseencapsulation packet 556B may in turn transmit a corresponding responseencapsulation packet 556A comprising the request origin address to theclient-side component 522 at edge node 510. The client-side component522 may extract the response content and transmit an un-encapsulatedresponse packet 554 to the request origin address.

Control-Plane Interactions

FIG. 6 illustrates examples of programmatic control-plane interactionsbetween a client and a VNI multiplexing service, according to at leastsome embodiments. As shown, a set of programmatic interfaces 688 (e.g.,application programming interfaces (APIs), a web-based console, commandline tools or standalone GUIs (graphical user interfaces)) may be usedby clients 604 to submit various types of configuration requests to aconfiguration manager 180 of the service, and to receive correspondingresponses. In some cases, the programmatic interfaces 688 may be used byadministrators or control-plane components of other services beingimplemented at a provider network at which the VNI multiplexing serviceis supported. In other cases, end-users or customers of the providernetwork's services may utilize programmatic interfaces 688.

In the embodiment depicted in FIG. 6, a CreateIG request 602 may besubmitted programmatically to the configuration manager 180, indicatingone or more properties of an interface group to be established on behalfof the client. The properties may include, for example, some combinationof the number of VNIs to be included, the desired mappings between VNIsand physical resources such as instance hosts, network interface cardsand the like, a target selection policy for the IG, and/or one or moreVNI-specific attributes such as those illustrated in FIG. 2 for themember VNIs. In some embodiments, a CreateIG request may not indicateany VNI-specific details, and may simply be used to create a placeholderobject representing an IG, whose properties may be set later using otherprogrammatic requests. Upon receiving the CreateIG request 602, theconfiguration manager may validate the request (e.g., by performing oneor more authentication/authorization checks) and create the requested IG(e.g., generate and store configuration information corresponding to theIG in a service repository). If, for example, the CreateIG requestindicated details regarding the number and attributes of member VNIs,the required VNIs may be generated and configured as requested. Assumingthat the IG is created successfully, metadata 608 pertaining to thecreated IG (e.g., a unique identifier of the IG) may be returned toclient 604 in response to the CreateIG request.

An AssociateVNIWithIG request 622 may be used to request the designationof a specified VNI (e.g., a VNI that was created earlier in response toa different programmatic request) as a member of an existing IG in someembodiments. In response, the configuration manager 180 may modify theIG's saved membership information accordingly, and transmit anassociation acknowledgement 628 to the client. In response to aModifySelectionPolicy request 631, the rules, weights and/or otheraspects of a target selection policy to be used to select individualVNIs of the IG as destinations by client-side components may bemodified, and a policy change acknowledgement 633 may be provided to theclient.

In some embodiments, programmatic interfaces 688 may be used to submitrequests to update health state information pertaining to specified IGs.In response to such an UpdateHealthState request 637, the configurationmanager may in some implementations transmit, to the client-sidecomponents associated with the specified IG, the most recently obtainedhealth state information for the service compute instances to which theVNIs of the specified IG are assigned. In some implementations, uponreceiving the UpdateHealthState request, the configuration manager maydirect health state monitors to obtain fresh health state information,and transmit the results of the newly-performed health checks to theclient-side components. In the embodiment depicted in FIG. 6, anacknowledgement 639 indicating that the health state information hasbeen propagated may be provided to the client. In at least oneembodiment, in addition to propagating the health state information tothe client-side components, the configuration manager 180 may alsoinclude the health status information in the acknowledgement 639provided to client 604.

In one embodiment, a client may request that an IG (e.g., one createdearlier in response to a CreateIG request) be attached programmaticallyto one or more specified client compute instances. In response to suchan AttachIGToClientCIs request 643, the configuration manager may storea record of an association of the IG with the specified set of clientCIs, and propagate the IG metadata to the corresponding client-sidecomponents (such as VMCs at the instance hosts at which the client CIsare instantiated). In at least one embodiment, one or more additionalVNIs may be created to represent the IG at the instance hosts, andattached to the specified client CIs. After metadata representing thecompletion of the requested attach operation(s) is generated and stored,the configuration manager may send an attach acknowledgement 645 to theclient. In some embodiments, similar requests to attach an IG to an edgenode of the provider network may also be supported.

In at least some embodiments, a number of additional control-planerequest types, not shown in FIG. 6, may be supported by the VNImultiplexing service. For example, requests to describe (list variousproperties of) an interface group, or to describe specific VNIs of aninterface group, may be supported in at least some embodiments. Inaddition, requests to delete IGs or VNIs, or transfer VNIs from one IGto another, may be supported. Security-related requests, such asrequests to allow or prohibit multi-tenancy using trunked VNIs, or todelegate security-related roles from one client to another, may besupported in various embodiments. In at least one embodiment, a clientmay have to transmit a programmatic request indicating an approval of amulti-tenant mode of operation of a specified VNI (or of an instancehost at which a VNI is attached), e.g., before traffic generated onbehalf of a plurality of clients of the VNIM service can be directed tothe VNI (or instance host). Some of the types of requests shown in FIG.6 may not be supported in at least one embodiment.

Mappings Between VNIs, NICs and Hosts

Depending on the performance and/or isolation requirements associatedwith an interface group, different approaches may be taken with respectto the manner in which the traffic associated with an interface group isdistributed among hardware devices such as physical network interfacecards (NICs) in various embodiments. FIGS. 7a, 7b and 7c respectivelyillustrate three examples of mappings between VNIs, NICs and hostsassociated with an interface group, according to at least someembodiments. In the context of FIG. 7a-7c , the term “service host” isused for the instance hosts at which service compute instances (to whichthe VNIs of an interface group are attached) are run as respectivevirtual machines.

In the approach illustrated in FIG. 7a , the VNIs 164 of an interfacegroup are each attached to a compute instance that is launched at adifferent service host with at least one NIC. Thus, VNI 164A is attachedto service compute instance 132A running at a service host 702A that hasat least one NIC 710A, while VNI 164B is attached to service computeinstance 132B running at a different service host 702B with at least NIC710B. Such a mapping between VNIs, NICs and service hosts may bereferred to as a 1:1:1 VNI:NIC:Host mapping. Assigning a respective NICto the traffic directed to each VNI may allow very high aggregatebandwidths for the interface group as a whole to be supported in someembodiments. The 1:1:1 mapping may also be selected in at least someembodiments for at least some trunked VNIs (e.g., VNIs that are expectedto handle traffic associated with multiple client-accessible IPaddresses).

In a second approach, shown in FIG. 7b , an N:N:1 VNI:NIC:Host mappingis shown. In this approach, although several of the service computeinstances to which several VNIs of a given instance group are attachedmay be run on the same service host, each VNI may be associated with arespective NIC. Thus, VNI 164A is attached to SCI 132A at service host702, and VNI 164B is attached to a different SCI 132B at the sameservice host. Service host 702 has at least two NICs 710A and 710B,respectively used for traffic associated with each of the VNIs. N:N:1mappings may be used, for example, in environments in which many of theservice hosts that can be used for SCIs have multiple NICs attached tothem and the service hosts have high computational capacities (e.g.,enough capacity to handle several different service compute instances),in scenarios in which the bandwidth requirements for different VNIs areexpected to be relatively high.

In the approach illustrated in FIG. 7c , N different VNIs of a giveninterface group may be attached to SCIs running at the same servicehost, and one or more NICs of the service host may be shared for trafficdirected to the N VNIs. As shown, VNIs 164A and 164B are attachedrespectively to SCIs 132A and 132B. Both SCIs run at the same servicehost 702, and NIC 710 is used for traffic directed to both VNIs. Thiskind of approach may be referred to as an N:1:1 VNI:NIC:Host mapping. AnN:1:1 mapping may be appropriate, for example, when the shared NIC has ahigher bandwidth capacity than is expected to be required for any givenVNI.

In at least some embodiments, variations on the mappings between VNIs,NICs, and hosts shown in FIG. 7a-7c may be used. For example, an N:M:1mapping may be used in one embodiment, in which the traffic of N VNIs isdistributed among M NICs (where M is a different integer than N) at agiven instance host. An N:M:1 mapping may be considered a hybrid of theN:1:1 mapping shown in FIG. 7c and the N:N:1 mapping shown in FIG. 7b .In some embodiments, multiple NICs may be used for a single VNI, e.g., a1:N:1 mapping may be used. In at least one embodiment, the mappings tobe used for a given set of service clients may be selected based on anindication of the expected performance requirements for an interfacegroup. Such performance requirements may be indicated programmaticallyto the VNI multiplexing service in some embodiments, e.g., at the timethat the interface group is established or at some later point. In someembodiments, the configuration manager of the VNI multiplexing servicemay initially utilize one mapping approach between VNIs, NICs and hostsfor a given interface group, but may later add VNIs that are set upbased on a different mapping approach, or may transfer VNIs to differentSCIs to modify the mappings. In at least one embodiment, explicitprogrammatic approval may be required from the clients involved before agiven resource of the VNI multiplexing service (such as a VNI, an SCI, aNIC, or an instance host) is used in a multi-tenant mode (e.g., for thenetwork traffic of several different clients).

Methods for Multiplexing VNIs

FIG. 8 is a flow diagram illustrating aspects of operations that may beperformed by control-plane components (such as a configuration manager)of a VNI multiplexing service, according to at least some embodiments.As shown in element 801, the control-plane components may instantiate agroup of service compute instances (SCIs) to handle service requests ofa particular service Svc1 implemented at a provider network from someset of clients. The SCIs may either implement the service functionalitythemselves, or may be intended to serve as intermediaries that transmitreceived service requests to other back-end nodes of Svc1 at which thebulk of the service functionality is to be implemented. One or more VNIsattached to the SCIs may be designated as members of an interface group(IG) (element 804). At least one client-accessible service endpointaddress (CSEA) (e.g., an IP address) associated with Svc1 may beassigned to the interface group (either at the time that the interfacegroup is established, or at some later point prior to initiating the useof the interface group for client requests). The interface group may beset up to distribute service requests of Svc1 clients, directed toSvc1's CSEA (as well as the responses to such requests), among themember VNIs and the SCIs to which the member VNIs are attached. In atleast some embodiments, one or more of the VNIs may be “trunked”, thatis, configured to receive packets directed to more than one CSEAassociated with Svc1.

The control plane components may identify a set of client-sidecomponents of the VNI multiplexing service to which membership metadataof the IG is to be propagated (element 807). The membership metadata maybe used by the client-side components to generate encapsulation packetscontaining contents of baseline packets generated by Svc1 clients, withdestination headers of the encapsulation packets containing privateaddresses of selected VNIs of the IG (e.g., instead of the CSEA assignedto the IG). Using such an encapsulation protocol, the work requestsdirected to Svc1 may be distributed by the client-side componentsthemselves, without for example utilizing special-purpose load balancerappliances. The client-side components may include, for example,virtualization management components (VMCs) at instance hosts whereclient compute instances are run, and/or edge devices such asgateways/routers of the provider network at which Svc1 requests may bereceived from external networks. In at least one embodiment, the set ofclient-side components expected to use the IG may be indicated (e.g.,either explicitly or implicitly) in a programmatic request to set up theIG. In other embodiments, the client-side components may be indicated byspecifying one or more client compute instances to which the IG as awhole is to be programmatically attached. Metadata indicative of theinitial membership of the IG may be transmitted to the client-sidecomponents that are expected to utilize the IG (element 810) in thedepicted embodiment. In at least one embodiment, the control-planecomponents may also propagate at least an initial target selectionpolicy that can be used to select specific VNIs as targets for variousencapsulation packets by the client-side components. A variety ofselection policies may be used in different embodiments, such asweight-based policies in which each member VNI is assigned a respectiverelative weight to be used as a probability of selecting that VNI,random selection policies, or selection based on performance metricssuch as average responsiveness to service requests. In at least someembodiments, the client-side components may modify service-specifiedtarget selection policies, or use their own target selection policies.

After the membership and/or target selection information has beenprovided to the client-side components, the request traffic from theclients may be permitted to flow. In at least some embodiments,control-plane components of the VNI multiplexing service may collectperformance and/or health state metrics pertaining to the constituentcomponents of the IG (such as the various SCIs to which the member VNIsare attached, the instance hosts on which the SCIs run, and/or networkhardware infrastructure components such as NICs being used for the IG).In some embodiments, the health state information may be collected byagents of the VNI multiplexing service itself, while in otherembodiments control plane components of the VNI multiplexing service maydirect or request other services to initiate collection of health stateinformation of the IG. The health state information and/or performancemetrics may be transmitted to the client-side components as well(element 813), e.g., either in response to explicit programmaticrequests or in accordance with a “push” model in which explicit requestsare not required. In the event of a failure associated with a VNI thatis designated as a member of an IG (such as a premature shutdown of thecorresponding SCI, or a hardware failure or network partitioningresulting in an instance host becoming unreachable), the control planecomponents may transfer the affected VNIs to other instances/hosts, orreplace the affected VNIs with different VNIs (element 816). The updatedmembership metadata of the IG may be propagated to the client-sidecomponents after such changes are made in the depicted embodiment.

FIG. 9 is a flow diagram illustrating aspects of operations that may beperformed by client-side components of a VNI multiplexing service,according to at least some embodiments. As indicated earlier, suchclient-side components may be resident at virtualization managementcomponents of instance hosts and/or at edge nodes of provider networksin various embodiments. As shown in element 901 of FIG. 9, a client-sidecomponent may receive membership metadata pertaining to an interfacegroup IG1 from a control-plane component of the VNI multiplexingservice. The membership metadata may, for example, include theidentifiers and/or private network addresses assigned to various memberVNIs of IG1, which may have been set up to distribute service requestsand responses of a service Svc1 implemented at a provider network. ACSEA of the service may have been assigned to IG1 in the depictedembodiment.

The client-side component may intercept a baseline packet (e.g., apacket representing a Svc1 service request generated at a client computeinstance, or at a device at an external network) whose destination isthe CSEA assigned to IG1. Using a target selection policy associatedwith IG1, the client-side component may identify a particular VNI of IG1as the destination for the baseline packet (element 904). Any of avariety of target selection policies may be used in differentembodiments, including policies in which the VNIs are selected astargets based on assigned weights, policies in which VNIs are selectedat random, or policies in which VNIs are selected based on performancemeasures obtained by the client-side components forpreviously-transmitted packets. In at least some implementations, theprivate address of the selected VNI may be indicated in a destinationheader of an encapsulation packet whose body portion includes at least aportion of the contents of the baseline packet. Any appropriateencapsulation protocol may be used in the depicted embodiment, e.g., theGRE protocol or a custom protocol used only within the provider network.

The encapsulation packet may be transmitted on a network path towardsthe selected IG1 member (element 907). In at least some embodiments, aconnection tracking record may be stored to indicate the particular VNIthat was selected for the packet (element 910), so that, for example,that same VNI may be selected for subsequent packets of the same logicalconnection or sequence of packets from the same source (e.g., forsubsequent baseline packets from the same process and port at a clientcompute instance).

In some embodiments, the client-side components may receive health stateinformation and/or performance metrics pertaining to the members of IG1.Based on such information, the target selection metadata (e.g., the setof healthy/responsive VNIs from which one is to be selected) may bemodified at the client-side component (element 913). In at least oneembodiment, if the number (or fraction) of VNIs or SCIs of IG1 that arereported as being in an unhealthy state increases beyond a thresholdlimit, the client-side components may mark all the reportedly unhealthymembers as healthy, and start distributing encapsulation packets amongall the members of IG1.

It is noted that in various embodiments, operations other than thoseillustrated in the flow diagrams of FIGS. 8 and 9 may be used toimplement at least some of the techniques for supporting VNImultiplexing. Some of the operations shown may not be implemented insome embodiments, may be implemented in a different order thanillustrated in FIG. 8 or FIG. 9, or in parallel rather thansequentially.

Use Cases

The techniques described above, of aggregating virtual networkinterfaces into interface groups such that traffic originally directedto a particular client-accessible service endpoint address can bedistributed among a number of service compute instances by client-sidecomponents, may be useful in a variety of scenarios. As more and moredistributed services are migrated to provider network environments,including stateful services such as file stores that are intended tosupport NFS-like semantics, the need for intelligent distribution ofworkloads and sharing of service endpoint addresses is also increasing.The ability to dynamically adjust the number of virtual networkinterfaces in use for a given set of clients accessing a service,without requiring the client applications to change the endpointaddresses that they have to use, may make it much easier to implementmany distributed services whose clients can have dramatically differentworkload requirements. The ability to associate multiple endpointaddresses of a service with a given virtual network interface, incombination with the aggregation of virtual network interfaces intointerface groups, may allow a provider network operator to overcomevarious limitations of underlying software infrastructure (such as themaximum number of software network interface devices that can beconfigured within an operating system or hypervisor) that reduce theflexibility of service architectures.

Illustrative Computer System

In at least some embodiments, a server that implements one or more ofthe control-plane and data-plane components that are used to support VNImultiplexing may include a general-purpose computer system that includesor is configured to access one or more computer-accessible media. FIG.10 illustrates such a general-purpose computing device 9000. In theillustrated embodiment, computing device 9000 includes one or moreprocessors 9010 coupled to a system memory 9020 (which may comprise bothnon-volatile and volatile memory modules) via an input/output (I/O)interface 9030. Computing device 9000 further includes a networkinterface 9040 (e.g., a NIC similar to those shown in FIG. 7a-7c )coupled to I/O interface 9030.

In various embodiments, computing device 9000 may be a uniprocessorsystem including one processor 9010, or a multiprocessor systemincluding several processors 9010 (e.g., two, four, eight, or anothersuitable number). Processors 9010 may be any suitable processors capableof executing instructions. For example, in various embodiments,processors 9010 may be general-purpose or embedded processorsimplementing any of a variety of instruction set architectures (ISAs),such as the x86, PowerPC, SPARC, or MIPS ISAs, or any other suitableISA. In multiprocessor systems, each of processors 9010 may commonly,but not necessarily, implement the same ISA. In some implementations,graphics processing units (GPUs) may be used instead of, or in additionto, conventional processors.

System memory 9020 may be configured to store instructions and dataaccessible by processor(s) 9010. In at least some embodiments, thesystem memory 9020 may comprise both volatile and non-volatile portions;in other embodiments, only volatile memory may be used. In variousembodiments, the volatile portion of system memory 9020 may beimplemented using any suitable memory technology, such as static randomaccess memory (SRAM), synchronous dynamic RAM or any other type ofmemory. For the non-volatile portion of system memory (which maycomprise one or more NVDIMMs, for example), in some embodimentsflash-based memory devices, including NAND-flash devices, may be used.In at least some embodiments, the non-volatile portion of the systemmemory may include a power source, such as a supercapacitor or otherpower storage device (e.g., a battery). In various embodiments,memristor based resistive random access memory (ReRAM),three-dimensional NAND technologies, Ferroelectric RAM, magnetoresistiveRAM (MRAM), or any of various types of phase change memory (PCM) may beused at least for the non-volatile portion of system memory. In theillustrated embodiment, program instructions and data implementing oneor more desired functions, such as those methods, techniques, and datadescribed above, are shown stored within system memory 9020 as code 9025and data 9026.

In one embodiment, I/O interface 9030 may be configured to coordinateI/O traffic between processor 9010, system memory 9020, and anyperipheral devices in the device, including network interface 9040 orother peripheral interfaces such as various types of persistent and/orvolatile storage devices. In some embodiments, I/O interface 9030 mayperform any necessary protocol, timing or other data transformations toconvert data signals from one component (e.g., system memory 9020) intoa format suitable for use by another component (e.g., processor 9010).In some embodiments, I/O interface 9030 may include support for devicesattached through various types of peripheral buses, such as a variant ofthe Peripheral Component Interconnect (PCI) bus standard or theUniversal Serial Bus (USB) standard, for example. In some embodiments,the function of I/O interface 9030 may be split into two or moreseparate components, such as a north bridge and a south bridge, forexample. Also, in some embodiments some or all of the functionality ofI/O interface 9030, such as an interface to system memory 9020, may beincorporated directly into processor 9010.

Network interface 9040 may be configured to allow data to be exchangedbetween computing device 9000 and other devices 9060 attached to anetwork or networks 9050, such as other computer systems or devices asillustrated in FIG. 1 through FIG. 9, for example. In variousembodiments, network interface 9040 may support communication via anysuitable wired or wireless general data networks, such as types ofEthernet network, for example. Additionally, network interface 9040 maysupport communication via telecommunications/telephony networks such asanalog voice networks or digital fiber communications networks, viastorage area networks such as Fibre Channel SANs, or via any othersuitable type of network and/or protocol.

In some embodiments, system memory 9020 may be one embodiment of acomputer-accessible medium configured to store program instructions anddata as described above for FIG. 1 through FIG. 9 for implementingembodiments of the corresponding methods and apparatus. However, inother embodiments, program instructions and/or data may be received,sent or stored upon different types of computer-accessible media.Generally speaking, a computer-accessible medium may includenon-transitory storage media or memory media such as magnetic or opticalmedia, e.g., disk or DVD/CD coupled to computing device 9000 via I/Ointerface 9030. A non-transitory computer-accessible storage medium mayalso include any volatile or non-volatile media such as RAM (e.g. SDRAM,DDR SDRAM, RDRAM, SRAM, etc.), ROM, etc., that may be included in someembodiments of computing device 9000 as system memory 9020 or anothertype of memory. Further, a computer-accessible medium may includetransmission media or signals such as electrical, electromagnetic, ordigital signals, conveyed via a communication medium such as a networkand/or a wireless link, such as may be implemented via network interface9040. Portions or all of multiple computing devices such as thatillustrated in FIG. 10 may be used to implement the describedfunctionality in various embodiments; for example, software componentsrunning on a variety of different devices and servers may collaborate toprovide the functionality. In some embodiments, portions of thedescribed functionality may be implemented using storage devices,network devices, or special-purpose computer systems, in addition to orinstead of being implemented using general-purpose computer systems. Theterm “computing device”, as used herein, refers to at least all thesetypes of devices, and is not limited to these types of devices.

CONCLUSION

Various embodiments may further include receiving, sending or storinginstructions and/or data implemented in accordance with the foregoingdescription upon a computer-accessible medium. Generally speaking, acomputer-accessible medium may include storage media or memory mediasuch as magnetic or optical media, e.g., disk or DVD/CD-ROM, volatile ornon-volatile media such as RAM (e.g. SDRAM, DDR, RDRAM, SRAM, etc.),ROM, etc., as well as transmission media or signals such as electrical,electromagnetic, or digital signals, conveyed via a communication mediumsuch as network and/or a wireless link.

The various methods as illustrated in the Figures and described hereinrepresent exemplary embodiments of methods. The methods may beimplemented in software, hardware, or a combination thereof. The orderof method may be changed, and various elements may be added, reordered,combined, omitted, modified, etc.

Various modifications and changes may be made as would be obvious to aperson skilled in the art having the benefit of this disclosure. It isintended to embrace all such modifications and changes and, accordingly,the above description to be regarded in an illustrative rather than arestrictive sense.

What is claimed is:
 1. A system, comprising: a first client-sidecomponent of a virtual network interface multiplexing (VNIM) service,wherein the first client-side component is resident at a particularinstance host of a virtual computing service of a provider network; andone or more control-plane components of the VNIM service; wherein theone or more control-plane components are configured to: designate aplurality of virtual network interfaces (VNIs) as members of a firstinterface group, wherein a first VNI of the plurality of VNIs isattached to a first compute instance, wherein a second VNI of theplurality of VNIs is attached to a second compute instance, and whereinnetwork traffic directed to a particular client-accessible serviceendpoint address (CSEA) associated with the first interface group is tobe distributed among members of the first interface group by the firstclient-side component based at least in part on a target selectionpolicy; propagate membership metadata of the first interface group toone or more client-side components including the first client-sidecomponent, wherein the membership metadata includes the target selectionpolicy; and wherein, in response to a detection of a baseline networkpacket generated at a particular traffic source and directed to theparticular C SEA, the first client-side component is configured to:identify, using at least the target selection policy, a particularnetwork address assigned to the first VNI as a destination for contentsof the baseline network packet, wherein the particular network addressdiffers from the particular CSEA; store a connection tracking recordindicating that the particular address assigned to the first VNI wasselected as the destination for the particular traffic source; andutilize the connection tracking record to select the particular addressassigned to the first VNI as a destination for contents of a subsequentbaseline packet.
 2. The system as recited in claim 1, wherein the one ormore control-plane components are further configured to: assign thefirst VNI to receive traffic directed to a plurality of CSEAs includingthe particular CSEA and a second CSEA, wherein the second CSEA isassigned to a different interface group, wherein the different interfacegroup is established to receive network traffic from a set ofclient-side components that includes at least one client-side componentother than the first client-side component.
 3. The system as recited inclaim 1, wherein the one or more control-plane components are furtherconfigured to: initiate a collection of health status informationpertaining to one or more compute instances to which respective virtualnetwork interfaces of the first interface group are attached, includingthe first compute instance; and transmit, to the first client-sidecomponent, the health status information pertaining to the one or morecompute instances.
 4. The system as recited in claim 1, furthercomprising a second client-side component of the VNI multiplexingservice, wherein the second client-side component is resident at an edgedevice of the provider network, wherein the one or more control-planecomponents are further configured to propagate membership metadata of asecond interface group to the second client-side component, and whereinnetwork traffic received from an external network at the edge device anddirected to a different CSEA associated with the second interface groupis to be distributed among members of the second interface group by thesecond client-side component.
 5. The system as recited in claim 1,wherein the first client-side component is configured to: transmit, toan instance host at which the first compute instance is running, anencapsulation packet comprising at least a portion of the contents ofthe baseline network packet, wherein the encapsulation packet includesan indication of a network address of the particular traffic source. 6.A method, comprising: assigning, by one or more control-plane componentsof a virtual network interface multiplexing (VNIM) service, one or morevirtual network interfaces (VNIs) as members of a first interface group,wherein a first VNI of the one or more VNIs is attached to a firstcompute instance, and wherein network traffic directed to a particularclient-accessible service endpoint address (CSEA) associated with thefirst interface group is to be distributed among members of the firstinterface group by a first client-side component of the VNIM service;propagating, by the one or more control plane components, membershipmetadata of the first interface group to one or more client-sidecomponents including the first client-side component; and in response todetecting, by the first client-side component, that a baseline networkpacket generated at a particular traffic source is directed to theparticular C SEA, identifying, by the first client-side component, thefirst VNI as a destination for contents of the baseline network packet;and selecting, by the first client-side component, based at least inpart on connection state information generated as a result of saididentifying, the first VNI as a destination for a subsequent baselinepacket directed to the particular CSEA from the particular trafficsource.
 7. The method as recited in claim 6, further comprising:configuring, by the one or more control-plane components, the first VNIto receive traffic directed to a plurality of CSEAs including theparticular CSEA and a second CSEA, wherein the second CSEA is assignedto a different interface group, wherein the different interface group isestablished to receive network traffic from a set of client-sidecomponents that includes at least one client-side component other thanthe first client-side component.
 8. The method as recited in claim 6,further comprising: initiating, by the one or more control-planecomponents, a collection of health state information pertaining to oneor more compute instances to which respective virtual network interfacesof the first interface group are attached, including the first computeinstance; and transmitting, to the first client-side component, thehealth state information pertaining to the one or more computeinstances.
 9. The method as recited in claim 6, further comprising:maintaining, by the first client-side component, a health state entrycollection comprising a plurality of entries associated with respectiveVNIs of the first interface group, including a first entry indicative ofa reported health state of the first VNI, wherein, in accordance with atarget selection policy associated with the first interface group, saididentifying the first VNI as the destination for contents of the firstbaseline packet is based at least in part on an examination of the firstentry.
 10. The method as recited in claim 9, further comprising: inresponse to receiving, at the first client-side component, one or morehealth state updates which collectively indicate that a count of VNIs ofthe first interface group that are reported to be in an unhealthy stateexceeds a threshold, modifying at least a subset of entries of thehealth state entry collection to indicate that the corresponding VNIsare in a healthy state, wherein the subset includes at least one entryfor which a health state update indicating an unhealthy state wasreceived.
 11. The method as recited in claim 6, wherein the firstclient-side component is resident at a particular instance host of avirtual computing service of a provider network, wherein the particularinstance host comprises at least a particular compute instance of anisolated virtual network established on behalf of a customer of thevirtual computing service, wherein the particular compute instancecomprises the particular traffic source.
 12. The method as recited inclaim 6, wherein the first client-side component comprises asubcomponent of an edge device of a provider network, wherein theparticular traffic source is a device connected to a portion of thepublic Internet.
 13. The method as recited in claim 6, furthercomprising: transmitting, from the first client-side component to thefirst compute instance, an encapsulation packet comprising at least aportion of the contents of the first baseline packet, wherein saidencapsulation packet includes a request origin address indicative of theparticular traffic source.
 14. The method as recited in claim 13,further comprising: transmitting, from the first compute instance to afirst back-end node of a service associated with the first interfacegroup, an indication of (a) the request origin address and (b) a servicerequest generated at the particular traffic source; and providing, bythe first back-end service node, (a) a response to the service requestand (b) the request origin address, enabling the first client-sidecomponent to transmit the response to the particular traffic source. 15.The method as recited in claim 6, wherein the baseline packet is part ofa sequence of baseline packets associated with a particular connectionestablished using a connection-oriented networking protocol, furthercomprising: detecting, by the one or more control-plane components, afailure associated with the first compute instance; and selecting, bythe one or more control-plane components, a different VNI of the firstinterface group to which contents of at least one subsequent baselinepacket of the sequence are to be directed by the first client-sidecomponent without terminating the particular connection; and propagatingan indication of the different VNI to the first client-side component.16. The method as recited in claim 6, further comprising: implementing,by the one or more control-plane components, a set of programmaticinterfaces enabling customers of the VNIM service to submitadministrative requests, wherein said assigning the one or more VNIs asmembers of the first interface group is responsive to receiving, by theone or more control-plane components, a request via a particularprogrammatic interface of the set.
 17. The method as recited in claim 6,further comprising: receiving, by the one or more control-planecomponents, a programmatic indication of an approval of a multi-tenantmode of operation of the first VNI, wherein, in accordance with themulti-tenant mode of operation, traffic generated on behalf of aplurality of clients of the VNIM service is to be directed to the firstVNI.
 18. A non-transitory computer-accessible storage medium storingprogram instructions that when executed on one or more processorsimplements a control-plane component of a virtual network interfacemultiplexing (VNIM) service, wherein the control-plane component isconfigured to: assign a plurality of virtual network interfaces (VNIs)as members of a first interface group, wherein a first VNI of theplurality of VNIs is attached to a first compute instance, and whereinnetwork traffic directed to a particular endpoint address associatedwith the first interface group is to be distributed among members of thefirst interface group by a first client-side component of the VNIMservice; identify one or more client-side components configured todistribute the network traffic among the members of the first interfacegroup in accordance with membership metadata of the first interfacegroup, wherein the one or more client-side components include the firstclient-side component, and wherein the membership metadata indicates theplurality of VNIs that are members of the first interface group;propagate the membership metadata of the first interface group to theone or more identified client-side components; and in response to adetection of an unhealthy state of the first compute instance: detachthe first VNI from the first compute instance, wherein, in response todetaching the first VNI from the first compute instance, network packetsfrom the one or more identified client-side components and directed tothe first VNI are not received at the first compute instance; and attachthe first VNI to a different compute instance, wherein, in response toattaching the first VNI to the different compute instance, networkpackets from the one or more identified client-side components anddirected to the first VNI are received at the different computeinstance.
 19. The non-transitory computer-accessible storage medium asrecited in claim 18, wherein the control-plane component is configuredto: assign the first VNI to receive traffic directed to a plurality ofendpoint addresses including the particular endpoint address and asecond endpoint address, wherein the second endpoint address is assignedto a different interface group.
 20. The non-transitorycomputer-accessible storage medium as recited in claim 18, wherein thefirst VNI is assigned as a member of the first interface group inresponse to an invocation of a programmatic interface by a client of theVNIM service.
 21. The non-transitory computer-accessible storage mediumas recited in claim 18, wherein the control-plane component isconfigured to: initiate a propagation, to the first client-sidecomponent, of health state information pertaining to one or more computeinstances to which respective VNIs of the first interface group areattached.